# 🛡️ Weekly Cyber Update – June 23–29, 2025: Massive Breaches, Sneaky Malware, and Global Threats

This week’s update covers June 23–29, 2025, with 20 critical cybersecurity stories. For everyone, we’ve got breaches at Ahold Delhaize, McLaren Health, and Hawaiian Airlines, plus scams targeting your phone and wallet. For pros, dive into advanced malware, exploited vulnerabilities, and nation-state attacks. Stay sharp with our tools and tips—let’s get started!


## Cybersecurity for Everyone

Hackers are after your personal info! From grocery chains to airlines, breaches and scams are hitting hard. Protect your family and accounts with these simple steps.

### 🚨 Top Stories

1. Ahold Delhaize Breach Impacts 2.2 Million People 🛒

  • Summary: A November 2024 ransomware attack on Ahold Delhaize, a major grocery chain, exposed personal, financial, and health data of 2.2 million customers and employees across its U.S. stores like Stop & Shop.
  • Why it matters: If you shop at Ahold Delhaize stores, monitor your bank accounts, enable two-factor authentication, and watch for phishing emails pretending to be from these retailers.
  • 🔗 BleepingComputer

2. McLaren Health Care Breach Hits 743,000 Patients 🏥

  • Summary: A July 2024 ransomware attack by the INC gang on McLaren Health Care exposed personal data of 743,000 patients, including names and medical records.
  • Why it matters: If you’re a McLaren patient, enroll in free credit monitoring, check accounts for odd activity, and update passwords to stay safe.
  • 🔗 SecurityWeek

3. Hawaiian Airlines Faces Cybersecurity Incident ✈️

  • Summary: Hawaiian Airlines reported a cyberattack in June 2025 affecting its IT systems, potentially leaking customer data. Experts suspect Scattered Spider’s social engineering tactics.
  • Why it matters: If you fly with Hawaiian Airlines, change passwords and beware of texts or emails claiming to be from the airline.
  • 🔗 The Register

4. Scammers Pose as Insurance Companies to Steal Data 📧

  • Summary: Criminals are impersonating insurers via emails and texts, tricking people into sharing medical records and payment info in June 2025, per the Federal Bureau of Investigation (FBI).
  • Why it matters: Verify insurance contacts through official websites and avoid sharing personal info via unsolicited messages.
  • 🔗 The Register

5. Fake DocuSign Emails Hide Phishing Scams 📜

  • Summary: A June 2025 phishing campaign uses fake DocuSign emails to redirect users through Webflow to a Google login page, stealing credentials.
  • Why it matters: Don’t click links in unexpected DocuSign emails—log in directly at docusign.com to check documents safely.
  • 🔗 Malwarebytes

6. Facebook’s AI Tool Requests Photo Access 📸

  • Summary: Facebook’s new AI feature in June 2025 asks for camera roll access to suggest photo collages, raising privacy concerns about data collection.
  • Why it matters: Deny camera roll access in app settings and review what photos you share to protect your privacy.
  • 🔗 The Hacker News

7. SparkKitty Malware Steals Photos and Crypto 📱

  • Summary: SparkKitty malware, found on Google Play and Apple App Store in June 2025, steals photos and cryptocurrency wallet data from iOS and Android devices.
  • Why it matters: Stick to trusted app stores, review app permissions, and use antivirus software to block this sneaky malware.
  • 🔗 BleepingComputer

8. CoinMarketCap Hacked with Fake Web3 Popup 💸

  • Summary: A June 2025 supply chain attack on CoinMarketCap’s website used a fake Web3 popup to drain cryptocurrency wallets of site visitors.
  • Why it matters: Avoid popups on crypto sites and use a secure wallet with two-factor authentication to protect your funds.
  • 🔗 BleepingComputer

9. Oxford City Council Breach Exposes Decades of Data 🏛️

  • Summary: A June 2025 cyberattack on Oxford City Council accessed personal data from legacy systems, potentially affecting residents over two decades.
  • Why it matters: If you’ve interacted with Oxford City Council, monitor accounts for suspicious activity and enable two-factor authentication.
  • 🔗 BleepingComputer

10. Scattered Spider Targets Airlines with Social Engineering 🛫

  • Summary: The FBI warned in June 2025 that Scattered Spider is targeting airlines, using social engineering to impersonate employees and steal data.
  • Why it matters: Be cautious of unsolicited calls or emails claiming to be from airlines—verify through official channels.
  • 🔗 The Hacker News

Tool of the Week: 1Password — A user-friendly password manager to create and store strong, unique passwords, protecting you from breaches like Ahold Delhaize’s or the CoinMarketCap hack.

  • 🔗 https://1password.com/

Community Question: Have you used a password manager like 1Password to secure your accounts? What’s your top tip for staying safe online? Share below!

## Pro Insights: Advanced Cyber Threats

Tech pros, this week’s intense! From exploited vulnerabilities to nation-state espionage, hackers are targeting critical infrastructure and developers. Arm your defenses with these insights.

### 🚨 Top Technical Updates

1. Citrix Bleed 2 Flaw Exploited (CVE-2025-5777) 🔐

  • Summary: A critical NetScaler ADC and Gateway flaw (CVE-2025-5777), dubbed Citrix Bleed 2, is actively exploited in June 2025, allowing attackers to bypass authentication.
  • Why it matters: This zero-day (a new flaw that attackers are already exploiting) threatens remote access systems. Upgrade NetScaler appliances immediately to block unauthorized access.
  • 🔗 BleepingComputer

2. Salt Typhoon Targets Canadian Telecoms 🛰️

  • Summary: China-linked Salt Typhoon exploited a Cisco IOS XE flaw (CVE-2023-20198) to breach Canadian telecom firms in June 2025, building espionage networks.
  • Why it matters: Audit telecom systems for backdoors and apply Cisco patches to prevent data exfiltration.
  • 🔗 SecurityWeek

3. LapDogs Campaign Hijacks 1,000+ SOHO Devices 📡

  • Summary: The LapDogs campaign, linked to China, compromised over 1,000 small office/home office (SOHO) devices in June 2025 to support cyber espionage.
  • Why it matters: Secure SOHO routers with strong passwords and firmware updates to block covert networks.
  • 🔗 The Hacker News

4. APT28 Uses Signal Chats for Malware Attacks 📲

  • Summary: Russia-linked APT28 targeted Ukrainian officials in June 2025 via Signal chats, deploying BeardShell and SlimAgent malware to steal data.
  • Why it matters: Train staff on social engineering and monitor chat apps for phishing attempts to block espionage.
  • 🔗 SecurityAffairs

5. Open VSX Registry Flaw Risks Developers 🖥️

  • Summary: A critical flaw in Open VSX Registry (CVE-2025-3248) could allow attackers to hijack Visual Studio Code extensions, threatening millions of developers in June 2025.
  • Why it matters: Verify extension sources and use dependency scanners to prevent supply chain attacks.
  • 🔗 SecurityAffairs

6. Nucor Confirms Data Theft in May Attack 🏭

  • Summary: Nucor, North America’s largest steel producer, confirmed a May 2025 cyberattack stole sensitive data from its IT systems.
  • Why it matters: Industrial firms should enhance network segmentation and monitor for data leaks to mitigate breaches.
  • 🔗 SecurityWeek

7. GIFTEDCROOK Malware Evolves for Espionage 🕵️

  • Summary: GIFTEDCROOK malware, updated in June 2025, now exfiltrates sensitive documents beyond browser data, targeting high-value individuals.
  • Why it matters: Deploy endpoint detection and response (EDR) tools to catch this advanced espionage tool.
  • 🔗 The Hacker News

8. Prometei Botnet Resurfaces with Enhancements 🤖

  • Summary: The Prometei botnet, active since March 2025, spiked in June with new features, enabling DDoS and data theft attacks.
  • Why it matters: Monitor network traffic for botnet activity and apply firewall rules to block malicious connections.
  • 🔗 SecurityWeek

9. WordPress Motors Theme Flaw Exploited 🖼️

  • Summary: A privilege escalation flaw in the WordPress Motors theme was mass-exploited in June 2025, allowing attackers to hijack admin accounts.
  • Why it matters: Update WordPress themes and plugins, and restrict admin access to prevent site takeovers.
  • 🔗 BleepingComputer

10. North Korean Hackers Use Zoom for System Takeovers 🎥

  • Summary: North Korean hackers used social engineering in June 2025 Zoom meetings to trick users into running malicious commands, taking over systems.
  • Why it matters: Verify meeting hosts and avoid executing unsolicited commands during video calls.
  • 🔗 SecurityWeek

Tool of the Week: Wireshark — A powerful network analysis tool to monitor traffic and detect threats like botnets (e.g., Prometei) or espionage campaigns.

  • 🔗 https://www.wireshark.org/

Community Question: With botnets like Prometei spiking, what’s your go-to tool for monitoring network threats? Share your strategies below!

## 🧠 Takeaway

Hackers are targeting everyone—from grocery shoppers to critical infrastructure. Stay proactive!

  • 🔒 Enable two-factor authentication to secure accounts (Ahold Delhaize, McLaren).
  • 📲 Verify app and email sources to avoid phishing (DocuSign, Hawaiian Airlines).
  • 🛡️ Update software and back up data offline to counter ransomware and malware.

## 🌐 Stay Connected and Secure

Want more? 🔔 Join the Crushing Security newsletter for the latest news and tips.